threatpost.com Archives - 07 February 2013, Thursday

A vulnerability exists in Ruby on Rails’ JavaScript Object Notation (JSON) code that could open the Web framework up to a slew of security problems. Patches were published yesterday, but if left unpatched, the vulnerability could let attackers bypass authentication systems, inject arb...

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proof-of-concept exploit code for a couple of the flaws and the team at Metasploit have released a module for the penetration testing framework that exploit one of the...

The vulnerabilities patched Tuesday in the Ruby on Rails Web framework have security researchers warning of the potential for serious attacks and saying that one of the bugs in particular could be easy prey for attackers. The most serious of the flaws is in the parameter parsing funct...

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an attacker to inject code into Web applications. The vulnerability is a serious one given the widespread use of the popular framework for developing Web apps, and the ma...

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an attacker to inject code into Web applications. The vulnerability is a serious one given the widespread use of the popular framework for developing Web apps, and the ma...

A mid-year switch in communication protocol and distribution strategy is behind a spike in activity from the ZeroAccess botnet, a prolific and malicious ad click fraud network. Researchers at Kindsight Security Lab reported today that ZeroAccess accounts for 29 percent of home network...